ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Re: dkim service

2005-10-15 12:07:23
On October 13, 2005 at 16:20, Jim Fenton wrote:

This relates to one of the motivations for multiple signatures.  If you 
have a non-mangling mailing list, you might want to preserve the 
original signature, because it's still valid and some people might want 
to base a decision on that.  They (or others) might want to know for 
sure that it came from the list, because they want to make sure that 
they read all messages on the list.  A WG chair might have that concern, 
for example.

And here is where roles can play an important role, especially wrt SSP.
The mailing list signature could not be applied, or be valid, if the
SSP (as currently defined) disallows 3rd-party signatures (and it
has been argued that no entity should allow 3rd-party sigs due to
spoofing concerns).

However, if the list sig had a role specification, SSP constraints
would not be a factor since the list is not claiming any relationship
with to the OA.

--ewh
_______________________________________________
ietf-dkim mailing list
http://dkim.org